AI recipe generation. No personally identifiable information (name, email, user ID) is sent.
Google (Gemini AI): Dish/badge text descriptions only. AI image generation for recipes and badges. No user data or PII is sent.
Amazon Web Services: Account data, diagnostics, all server-side data. Cloud infrastructure (US East region).
We do not sell your data to any third party. We do not share data for advertising purposes.
4. HealthKit Data
All HealthKit data is processed locally on your device. It is never transmitted to our servers, sold, shared with third parties, or used for advertising.
We read: weight, body fat percentage, lean body mass, BMI, steps, active energy, heart rate, VO2 max, workouts.
We write: weight, body fat percentage, lean body mass, BMI, dietary nutrition (calories, macronutrients, and 36 micronutrients).
HealthKit integration is optional and controlled by an explicit toggle in Settings > Integrations. Disabling the toggle stops all future reads and writes. Existing Apple Health data is managed by Apple Health, not by us.
5. Data Retention
Data: Retention
Active account data: Until you delete your account
On-device data (logs, pantry, weight): On your device / iCloud, managed by you
Deleted account (grace period): 30 days (cancellable)
Deleted account (fraud prevention stub): 12 months, then fully purged
Subscription events: 365 days
Diagnostics: Anonymized on deletion (userId stripped); crash data retained for stability
Anonymized feedback: Indefinite (userId removed; content kept for improvement)
Fraud prevention stub: After deletion and the 30-day grace period, we retain a minimal stub containing: a SHA-256 hash of your Apple subscription identifier (not reversible to your identity), device check status, and aggregate statistics (total Embers earned, achievement count, referral conversions, account age). This is retained under GDPR Article 6(1)(f) (legitimate interest in fraud prevention). No name, email, or consumption data is retained. The stub is automatically purged after 12 months.
6. Data Deletion & Your Rights
Deletion Process
Go to Settings > Account > Delete Account
Type "DELETE" to confirm
30-day grace period begins (cancellable)
After 30 days, automatic purge:
All personal data deleted (Embers, ledger, achievements, referrals, saved recipes, usage data)
Authentication account deleted
Feedback/reports anonymized (userId removed)
Diagnostics anonymized (userId stripped)
Fraud prevention stub retained for 12 months (see above)
On-device and iCloud data must be deleted separately by you
Your Rights
All users have the following rights (enhanced for EU/EEA residents):
Access: Request a copy of data we hold about you
Rectification: Correct inaccurate data (most data is self-service editable in-app)
Erasure: Request account deletion (see above)
Portability: Request your data in a machine-readable format
Objection: Object to processing based on legitimate interest
Restriction: Request we limit processing of your data
To exercise any right, contact . We will respond within 30 days.
7. Security
All data in transit encrypted via TLS/HTTPS
Cloud infrastructure with encryption at rest
Authentication via Apple Sign-In with JWT tokens
API keys and secrets stored in secure parameter storage
Admin endpoints protected by role-based access control
8. Children
The App is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that a user is under 16, we will delete their account and associated data.
9. California Residents
We do not sell personal information
We do not share personal information for cross-context behavioral advertising
Health and nutrition data stored on your device never reaches our servers
We use sensitive personal information (dietary preferences, fitness goals sent for recipe generation) only to provide core app functionality
You have the right to non-discrimination for exercising your privacy rights
You may request we limit use of sensitive personal information to essential service purposes
To exercise California-specific rights, contact
10. International Users
Data is processed and stored in the United States. By using the App, you consent to the transfer of data to the US. For EU/EEA users, this transfer is necessary for the performance of our contract with you (GDPR Article 49(1)(b)).
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the App or email with at least 30 days' notice. Continued use of the App after changes take effect constitutes acceptance.